Slide 1
Hacking Techniques & Intrusion Detection
Ali Al-Shemery, arabnix [at] gmail
Slide 2
All materials are licensed under a Creative Commons "Share Alike" license.
http://creativecommons.org/licenses/by-sa/3.0/
Slide 3
# whoami
Ali Al-Shemery: Ph.D., M.Sc., and B.Sc., Jordan
More than 14 years of technical background (mainly Linux/Unix and infosec)
Technical instructor for more than 10 years (infosec and Linux courses)
Holds more than 15 well-known technical certificates
Infosec and Linux are my main interests
Slide 4
Reconnaissance (RECON)
With great knowledge come successful attacks!
Slide 5
Outline - Reconnaissance
Intelligence Gathering
Target Selection
Open Source Intelligence (OSINT)
Covert Gathering
Footprinting
Slide 6
Intelligence Gathering
What is it?
Why do it?
What is it not?
Open source intelligence (OSINT) is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence.
Slide 7
Target Selection
Identification and naming of the target
Consider any Rules of Engagement limitations
Consider the time allotted for the test
Consider the end goal of the test
Slide 8
Open Source Intelligence (OSINT)
Simply put, it is locating and analyzing publicly (open) available sources of information. The intelligence gathering process has the goal of producing current and relevant information that is valuable to either an attacker or a competitor.
- OSINT is not only web searching!
Slide 9
Open Source Intelligence (OSINT)
Takes three forms:
Passive Information Gathering (no traffic is ever sent to the target; only third-party sources are consulted)
Semi-passive Information Gathering (traffic to the target looks like normal user behaviour; nothing is probed)
Active Information Gathering (the target is probed directly and may detect it)
Used for:
Corporate
Individuals
Slide 10
Corporate - Physical
Locations
Public sites can often be located by using search engines such as Google, Yahoo, Bing, Ask.com, Baidu, Yandex, Guruji, etc.
Relationships
Slide 11
Corporate - Logical
Business Partners
Business Clients
Competitors
Product line
Market Vertical
Marketing accounts
Meetings
Significant company dates
Job openings
Charity affiliations
Court records
Political donations
Professional licenses or registries
Slide 12
Job Openings Websites
Bayt, http://bayt.com
Monster, http://www.monster.com
CareerBuilder, http://www.careerbuilder.com
Computerjobs.com, http://www.computerjobs.com
Indeed, LinkedIn, etc.
Slide 13
Corporate – Org. Chart
Position identification
Transactions
Affiliates
Slide 14
Corporate – Electronic
Document Metadata
Marketing Communications
Slide 15
Corporate – Infrastructure Assets
Network blocks owned
Email addresses
External infrastructure profile
Technologies used
Purchase agreements
Remote access
Application usage
Defense technologies
Human capability
Slide 16
Corporate – Financial
Reporting
Market analysis
Trade capital
Value history
Slide 17
Individual - History
Court Records
Political Donations
Professional licenses or registries
Slide 18
Individual - Social Network (SocNet) Profile
Metadata Leakage
Tone
Frequency
Location awareness
Social Media Presence
Slide 19
Location Awareness - Cree.py
Cree.py is an open source intelligence gathering application. It can gather location data from Twitter, and it can gather geo-location data from photos posted to flickr, twitpic.com, yfrog.com, img.ly, plixi.com, twitrpix.com, foleext.com, shozu.com, pickhur.com, moby.to, twitsnaps.com and twitgoo.com.
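The geo-location that Cree.py pulls out of a hosted photo comes from the EXIF GPS IFD embedded in the JPEG by the camera or phone. The following is an added example, not Cree.py's own code: it walks the JPEG marker segments, finds the Exif APP1, follows the GPS IFD pointer and converts the degree/minute/second rationals to signed decimal degrees. Because it has to run offline, it also builds a header-only JPEG with a constructed GPS IFD to parse; the coordinates in it are made up, and the writer only emits little-endian TIFF while the reader accepts both byte orders.

```python
"""Recover GPS coordinates from a JPEG's EXIF block (constructed sample, standard library only)."""
import struct

GPS_IFD_POINTER = 0x8825                       # IFD0 tag that points at the GPS IFD
GPS_TAGS = {"lat_ref": 0x0001, "lat": 0x0002, "lon_ref": 0x0003, "lon": 0x0004}
ASCII, LONG, RATIONAL = 2, 4, 5                # TIFF field types used here


def _exif_tiff(jpeg: bytes):
    """Walk JPEG marker segments and return the TIFF payload of the Exif APP1, or None."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker == 0xDA:                     # SOS: entropy-coded data follows, no more headers
            break
        if marker == 0xD9 or 0xD0 <= marker <= 0xD8:   # standalone markers carry no length field
            pos += 2
            continue
        length = struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        payload = jpeg[pos + 4:pos + 2 + length]
        if marker == 0xE1 and payload.startswith(b"Exif\0\0"):
            return payload[6:]
        pos += 2 + length
    return None


def _read_ifd(tiff: bytes, off: int, e: str) -> dict:
    """Parse one IFD into {tag: (type, count, raw 4-byte value-or-offset field)}."""
    n = struct.unpack(e + "H", tiff[off:off + 2])[0]
    entries = {}
    for i in range(n):
        base = off + 2 + 12 * i
        tag, typ, count = struct.unpack(e + "HHI", tiff[base:base + 8])
        entries[tag] = (typ, count, tiff[base + 8:base + 12])
    return entries


def _decode(tiff: bytes, typ: int, count: int, raw: bytes, e: str):
    if typ == ASCII:                           # inline when it fits in 4 bytes, else an offset
        data = raw[:count] if count <= 4 else tiff[struct.unpack(e + "I", raw)[0]:][:count]
        return data.rstrip(b"\0").decode("ascii")
    if typ == LONG:
        return struct.unpack(e + "I", raw)[0]
    if typ == RATIONAL:                        # always out-of-line: count pairs of uint32
        off = struct.unpack(e + "I", raw)[0]
        nums = struct.unpack(e + "I" * (2 * count), tiff[off:off + 8 * count])
        return [nums[i] / nums[i + 1] for i in range(0, 2 * count, 2)]
    raise ValueError(f"unsupported TIFF type {typ}")


def exif_gps(jpeg: bytes):
    """Return (lat, lon) in signed decimal degrees, or None if the image carries no GPS IFD."""
    tiff = _exif_tiff(jpeg)
    if tiff is None:
        return None
    e = "<" if tiff[:2] == b"II" else ">"
    ifd0 = _read_ifd(tiff, struct.unpack(e + "I", tiff[4:8])[0], e)
    if GPS_IFD_POINTER not in ifd0:
        return None
    gps = _read_ifd(tiff, _decode(tiff, *ifd0[GPS_IFD_POINTER], e), e)
    vals = {name: _decode(tiff, *gps[tag], e) for name, tag in GPS_TAGS.items() if tag in gps}
    if "lat" not in vals or "lon" not in vals:
        return None

    def to_dec(dms, ref):
        d = dms[0] + dms[1] / 60 + dms[2] / 3600
        return -d if ref in ("S", "W") else d

    return to_dec(vals["lat"], vals.get("lat_ref", "N")), to_dec(vals["lon"], vals.get("lon_ref", "E"))


def make_jpeg_with_gps(lat_dms, lat_ref, lon_dms, lon_ref) -> bytes:
    """Constructed stand-in for a real photo: a header-only JPEG whose APP1 holds only a GPS IFD."""
    def rational_block(dms):
        return b"".join(struct.pack("<II", int(round(v * 100)), 100) for v in dms)
    ifd0_off = 8
    gps_off = ifd0_off + 2 + 12 + 4            # IFD0: count, one entry, next-IFD pointer
    data_off = gps_off + 2 + 4 * 12 + 4        # GPS IFD: count, four entries, next-IFD pointer
    ifd0 = struct.pack("<H", 1) + struct.pack("<HHII", GPS_IFD_POINTER, LONG, 1, gps_off) + struct.pack("<I", 0)
    gps = struct.pack("<H", 4)
    gps += struct.pack("<HHI", GPS_TAGS["lat_ref"], ASCII, 2) + lat_ref.encode() + b"\0\0\0"
    gps += struct.pack("<HHII", GPS_TAGS["lat"], RATIONAL, 3, data_off)
    gps += struct.pack("<HHI", GPS_TAGS["lon_ref"], ASCII, 2) + lon_ref.encode() + b"\0\0\0"
    gps += struct.pack("<HHII", GPS_TAGS["lon"], RATIONAL, 3, data_off + 24)
    gps += struct.pack("<I", 0)
    tiff = b"II" + struct.pack("<HI", 42, ifd0_off) + ifd0 + gps + rational_block(lat_dms) + rational_block(lon_dms)
    app1 = b"Exif\0\0" + tiff
    return b"\xff\xd8" + b"\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"


if __name__ == "__main__":
    sample = make_jpeg_with_gps((32, 0, 30.5), "N", (35, 55, 0.0), "E")   # made-up coordinates
    print(exif_gps(sample))
```

Run the same reader over a real photo's bytes and, if the phone kept location tagging on, the result is a point you can drop on a map; most social networks strip EXIF on upload today, which is why the image hosts listed on the slide were the productive sources at the time.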
Slide 20
Cree.py
Slide 21
Cree.py
Slide 22
Individual - Internet Presence
Email Address
Personal Handles/Nicknames
Personal Domain Names registered
Assigned Static IPs/Netblocks
Slide 23
Maltego
Paterva Maltego is a data mining and information-gathering tool that maps the information gathered into a format that is easily understood and manipulated. It saves you time by automating tasks such as email harvesting and mapping subdomains.
Slide 24
Maltego
Slide 25
Maltego
Slide 26
NetGlub
NetGlub is an open source data mining and information-gathering tool that presents the information gathered in a format that is easily understood (similar to Maltego). It consists of three components: Master, Slave, and GUI.
Slide 27
NetGlub
Slide 28
NetGlub
Slide 29
NetGlub
Slide 30
TheHarvester
TheHarvester is a tool, written by Christian Martorella, that can be used to gather e-mail accounts and subdomain names from different public sources (search engines, PGP key servers).
DEMO (-d is the target domain, -l the maximum number of results to fetch, -b the data source):
./theHarvester.py -d linuxac.org -l 500 -b google
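What a harvester does once it has fetched a results page is the part worth seeing in code: pull out every e-mail address and hostname, undo the usual "name [at] domain" obfuscation, and keep only what really belongs to the target. The block below is an added example and not theHarvester's code; SAMPLE_HTML is a constructed page standing in for a fetched search result, and the domain example.org is just the one chosen for the sample. Note the scope check: "notexample.org" and "ftp.example.org.attacker.com" must not be counted as the target's assets.

```python
"""Harvest e-mail addresses and hostnames for one domain out of fetched page text (stdlib only)."""
import re
from html import unescape

# Constructed sample of what a search-results page might contain (not real search output).
SAMPLE_HTML = """
<a href="https://mail.example.org/owa">Webmail</a>
Contact: <b>admin@example.org</b> or j.doe [at] example.org
<a href="http://vpn.example.org:443/login">VPN</a>
<a href="https://example.org/about">About</a>
<span>press&#64;example.org</span> <span>bob@notexample.org</span>
<a href="https://cdn.other.net/x">cdn</a> "ftp.example.org.attacker.com"
"""

# Common anti-scraping spellings found on public pages: "x [at] y [dot] z", "x (at) y".
DEOBFUSCATE = [
    (re.compile(r"\s*[\[(]\s*at\s*[\])]\s*", re.I), "@"),
    (re.compile(r"\s*[\[(]\s*dot\s*[\])]\s*", re.I), "."),
]
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@((?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,})")
# A hostname token must not be glued to a longer label on either side (rejects look-alike suffix tricks).
HOST_RE = re.compile(r"(?<![\w.-])((?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,})(?![\w-])")


def in_scope(host: str, domain: str) -> bool:
    """True for the domain itself and its real subdomains only; notexample.org is not example.org."""
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)


def harvest(page: str, domain: str) -> dict:
    """Return de-duplicated, lower-cased e-mails and hosts of `domain` found in `page`."""
    text = unescape(page)                      # &#64; -> @ and friends
    for pattern, repl in DEOBFUSCATE:
        text = pattern.sub(repl, text)
    emails = {m.group(0).lower() for m in EMAIL_RE.finditer(text) if in_scope(m.group(1), domain)}
    hosts = {h.lower() for h in HOST_RE.findall(text) if in_scope(h, domain)}
    return {"emails": sorted(emails), "hosts": sorted(hosts)}


if __name__ == "__main__":
    for kind, items in harvest(SAMPLE_HTML, "example.org").items():
        print(kind, items)
```

The hostnames it returns (mail, vpn) are exactly the kind of externally reachable services the later "Infrastructure Assets" bullets ask for, and the e-mail list gives the address format the organisation uses, which feeds both the username guessing below and any later phishing exercise the Rules of Engagement allow.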
Slide 31
Social Networks
Check Usernames - useful for checking the existence of a given username across 160 social networks. http://checkusernames.com/
Slide 32
Social Networks
Newsgroups
Google - http://www.google.com
Yahoo Groups - http://groups.yahoo.com
Mail Lists
The Mail Archive - http://www.mail-archive.com
Slide 33
Audio / Video
Audio
iTunes, http://www.apple.com/itunes
Podcast.com, http://podcast.com
Podcast Directory, http://www.podcastdirectory.com
Video
YouTube, http://youtube.com
Yahoo Video, http://video.search.yahoo.com
Bing Video, http://www.bing.com/
Vemo, http://vemo.com
Slide 34
Archived Information
There are times when we will be unable to access web site information because the content is no longer available from the original source. Being able to access archived copies of this information gives us access to what the site used to say. Perform Google searches using specially targeted search strings: cache:<site.com>. Use the archived information from the Wayback Machine (http://www.archive.org).
Slide 35
Archived Information
Slide 36
Metadata leakage
The goal is to identify data that is relevant to the target corporation. It may be possible to identify locations, hardware, software and other relevant data from social networking posts.
Examples:
ixquick - http://ixquick.com
MetaCrawler - http://metacrawler.com
Dogpile - http://www.dogpile.com
Search.com - http://www.search.com
Jeffrey's Exif Viewer - http://regex.info/exif.cgi
Slide 37
Metadata leakage - FOCA
FOCA is a tool that reads metadata from a wide range of document and media formats. FOCA pulls out the relevant usernames, paths, software versions, printer details, and email addresses.
DEMO (WinXP VM_Box)
Slide 38
Metadata leakage - Foundstone SiteDigger
Foundstone has a tool, named SiteDigger, which allows us to search a domain using specially crafted search strings from both the Google Hacking Database (GHDB) and the Foundstone Database (FSDB).
Slide 39
Metadata leakage - Foundstone SiteDigger
Slide 40
Metadata leakage - Metagoofil
Metagoofil is a Linux-based information gathering tool designed for extracting metadata from public documents (.pdf, .doc, .xls, .ppt, .odp, .ods) available on the client's websites.
Metagoofil generates an HTML results page with the extracted metadata, plus a list of potential usernames that could prove useful for brute force attacks. It also extracts paths and MAC address information from the metadata.
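The usernames, paths and software versions that FOCA and Metagoofil report all come from a handful of metadata fields: the /Info dictionary of a PDF and the docProps/core.xml and docProps/app.xml parts of an Office Open XML container. The block below is an added example, not code from either tool, that reads those fields and derives login-name guesses the way such harvesters seed a brute-force list. Both documents it parses are constructed inline (SAMPLE_PDF and make_sample_docx); the names, paths and company in them are invented. It handles only literal PDF strings, not hex or UTF-16 ones, and only the two OOXML parts named above; MAC addresses, which the slide mentions, live in legacy binary .doc files and are not covered here.

```python
"""Author names, software versions and local paths from PDF/OOXML metadata (constructed samples)."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}
PATH_RE = re.compile(r"(?:[A-Za-z]:\\|\\\\)[^\s\"<>()]+|/(?:home|Users)/[^\s\"<>()]+")
USER_FROM_PATH_RE = re.compile(r"(?:\\Users\\|\\Documents and Settings\\|/Users/|/home/)([^\\/]+)", re.I)
SOFTWARE_FIELDS = ("creator", "producer", "application")
NAME_FIELDS = ("author", "last_modified_by")


def _pdf_fields(data: bytes) -> dict:
    """Literal-string entries of the /Info dictionary; hex and UTF-16 strings are not decoded here."""
    out = {}
    for key in ("Author", "Creator", "Producer", "Title"):
        m = re.search(rb"/" + key.encode() + rb"\s*\(((?:[^()\\]|\\.)*)\)", data)
        if m:                                  # drop the backslash escapes used inside PDF strings
            out[key.lower()] = re.sub(rb"\\(.)", rb"\1", m.group(1)).decode("latin-1")
    return out


def _ooxml_fields(data: bytes) -> dict:
    """docProps/core.xml and docProps/app.xml of a .docx/.xlsx/.pptx zip container."""
    out = {}
    parts = {
        "docProps/core.xml": (("author", "dc:creator"), ("last_modified_by", "cp:lastModifiedBy")),
        "docProps/app.xml": (("application", "ep:Application"), ("company", "ep:Company")),
    }
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for part, wanted in parts.items():
            if part not in z.namelist():
                continue
            root = ET.fromstring(z.read(part))
            for field, xpath in wanted:
                el = root.find(xpath, NS)
                if el is not None and el.text:
                    out[field] = el.text
    return out


def username_candidates(name: str) -> set:
    """Login-name guesses from a display name, the way metadata harvesters seed brute-force lists."""
    if "\\" in name:                           # DOMAIN\user as Office records it: already a login name
        return {name.split("\\")[-1].lower()}
    parts = [p for p in re.split(r"[\s.]+", name.strip().lower()) if p]
    if len(parts) < 2:
        return set(parts)
    first, last = parts[0], parts[-1]
    return {first + last, first[0] + last, first + "." + last, first + "_" + last, first + last[0], last + first[0]}


def document_intel(blob: bytes) -> dict:
    """Dispatch on the file signature and summarise what the metadata gives away."""
    if blob.startswith(b"%PDF"):
        fields = _pdf_fields(blob)
    elif blob.startswith(b"PK"):
        fields = _ooxml_fields(blob)
    else:
        fields = {}
    text = " ".join(fields.values())
    usernames = {m.group(1) for m in USER_FROM_PATH_RE.finditer(text)}
    for f in NAME_FIELDS:
        if f in fields:
            usernames |= username_candidates(fields[f])
    return {
        "fields": fields,
        "names": sorted(fields[f] for f in NAME_FIELDS if f in fields),
        "software": sorted(fields[f] for f in SOFTWARE_FIELDS if f in fields),
        "paths": sorted(set(PATH_RE.findall(text))),
        "usernames": sorted(usernames),
    }


# Constructed samples standing in for documents downloaded from a target's web site.
SAMPLE_PDF = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
    b"2 0 obj\n<< /Author (Jane Doe) "
    b"/Creator (Microsoft Word - C:\\\\Users\\\\jdoe\\\\Documents\\\\q3-budget.docx) "
    b"/Producer (Acrobat Distiller 9.0.0 \\(Windows\\)) >>\nendobj\n"
    b"trailer\n<< /Info 2 0 R >>\n%%EOF\n"
)


def make_sample_docx() -> bytes:
    core = ('<cp:coreProperties xmlns:cp="%s" xmlns:dc="%s"><dc:creator>Ali Hassan</dc:creator>'
            '<cp:lastModifiedBy>CORP\\ahassan</cp:lastModifiedBy></cp:coreProperties>' % (NS["cp"], NS["dc"]))
    app = ('<Properties xmlns="%s"><Application>Microsoft Office Word</Application>'
           '<AppVersion>14.0000</AppVersion><Company>Example Corp</Company></Properties>' % NS["ep"])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", core)
        z.writestr("docProps/app.xml", app)
    return buf.getvalue()


if __name__ == "__main__":
    for blob in (SAMPLE_PDF, make_sample_docx()):
        print(document_intel(blob))
```

Pointed at a real download set, the "software" list is what tells you which Office and Acrobat builds to look up vulnerabilities for, the "paths" reveal internal share names and home-directory layout, and the "usernames" list, cross-checked against the e-mail format found by the harvester, becomes the candidate list for any later password-guessing phase.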
Slide 41
Individual - Physical Location
Slide 42
Individual - Mobile Footprint
Phone #
Device type
Installed applications
Slide 43
Covert Gathering - Corporate
On-Location Gathering
Physical security inspections
Wireless scanning / RF frequency scanning
Employee behavior training inspection
Accessible/adjacent facilities (shared spaces)
Dumpster diving
Types of equipment in use
Offsite Gathering
Data center locations
Network provisioning/provider
Slide 44
Other Gathering Forms
Human Intelligence (HUMINT)
The methodology always involves direct interaction, whether physical or verbal.
Gathering should be done under an assumed identity (remember pretexting?).
Key Employees
Partners/Suppliers
Slide 45
Other Gathering Forms
Signals Intelligence (SIGINT): intelligence gathered through the use of interception or listening technologies.
Examples:
Wired/Wireless Sniffer
TAP devices
Slide 46
Other Gathering Forms
Imagery Intelligence (IMINT): intelligence gathered through recorded imagery, i.e. photography. IMINT can also refer to satellite intelligence (a crossover between IMINT and OSINT if it extends to Google Earth and its equivalents).